Rewterz Threat Advisory – PatchWork APT Group Targeting (NCOC)

Rewterz Threat Advisory – APT SideWinder Group – Active IOCs

February 23, 2022

Rewterz Threat Alert – Ursnif Banking Trojan – Active IOCs

February 23, 2022

Rewterz Threat Advisory – PatchWork APT Group Targeting (NCOC) – Active IOCs

Severity

High

Analysis Summary

PatchWork, (also known as Mahabusa, White Elephant, hangOver, VICEROY TIGER, and The Dropping Elephant) is an APT that mainly conducts cyber-espionage activities against Asian countries especially against China and Pakistan. The threat actors are now targeting National Command and Operation Center (NCOC) with a maldoc named “DEPT_NCOC.xlsm” which seemingly is distributed to update the employee COVID Vaccination database.

Impact

Information Theft and Espionage

Indicators of Compromise

Filename

Briefing on Ongoing Projects[.]docx
payload_1[.]bin

MD5

466fb005506e1dc15118a6768b2c7e5a
021067f645525cb5caecf04670a63485

SHA-256

eeeb99f94029fd366dcde7da2a75a849833c5f5932d8f1412a89ca15b9e9ebb7
c2809dcc935ed3c7923f1da67d1c5dddc4ece2353a4c0eab8c511a14fa7e04c1

SHA-1

34fdaf8593013d0f4569439f7891017703f0c294
d5bb4d8ef1ec8fdd78f58029c28c580f9a3fcbf8

URL

https[:]//dgmp-paknavy[.]mod-pk[.]com/14325/1/10/2/0/0/0/m/files-5291bef6/file[.]rtf

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.